My avast alarm is going off every 6-7 seconds warning me that a “threat has been detected” and malware blocked. The “object” changes every time but the “process” is always identified as C:\Windown\System32\svchost.exe. I’ve run a full scan with (free) avast and malwarebytes but they’ve found nothing. MBAM and OTL ogs are attached.

I tried also running aswmbr but it crashed my computer. My OS is Windows 7 running on a Dell Inspirion n5110 laptop. I generally use IE.

Any help you can offer would be greatly appreciated!

Edit: Ran aswmbr in safe mode as suggested below and it worked like a charm. Log is now also attached.

I tried also running aswmbr but it crashed my computer.

malware experts are notified…

Hi there, the OTL log was all run together making it very hard to interpret

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

[*]Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
[*]Select both shortcut and additions at the bottom
[*]Press Scan button.

https://dl.dropboxusercontent.com/u/73555776/frst.JPG

[*]It will produce a log called FRST.txt in the same directory the tool is run from.
[*]Please attach all 3 logs generated.

did you try from safe mode?

Pondus,

I ran it in safe mode and it worked like a charm. I edited my OP to reflect this and attached the log there.

Essexboy,

Thank you, the logs are attached.

OK I can see the bad boy now, I will need to use a different tool to start the removal process I will need two runs with this. The first will be for data gathering, once I have that we will then remove it

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

• IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Essexboy,

OK, I followed your instructions and downloaded & ran combofix. The threat is still being detected and going off regularly (every few seconds). The only oddity I’ve noticed is that my IE browser won’t go to Google or Youtube now.

Attached is the log.

OK this one will stop it, I am going to replace the infected file with a clean copy

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

FCopy:: c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll|c:\windows\system32\rpcss.dll

Save this as CFScript.txt, in the same location as ComboFix.exe

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Essexboy,

Done and done. Attached is the log.

Excellent, could you confirm that the alerts have now ceased

Essexboy,

Indeed, that did it! I rebooted and am now alert-free! My laptop is running smoothly again. Thank you so much for your help!

In that case methinks I will send you on your merry way

Subject to no further problems

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Download and run Delfix

https://dl.dropboxusercontent.com/u/73555776/delfix.JPG

: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent install this programme to lock down and prevent crypto ransome ware

https://dl.dropboxusercontent.com/u/73555776/CryptoPrevent.JPG

Malwarebytes.

Update and run weekly to keep your system clean

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe

Essexboy and Pondus,

I ran DelFix and everything is cleaned up. I just wanted to say thank you, again, for all of your help. I’m so grateful to have my laptop running smoothly again. You’re lifesavers!

'Twas our pleasure…